如何验证 Python 中的 Aadhaar XML 签名?

How to validate Aadhaar XML signature in Python?

我正在尝试进行 XML 签名验证。 这是 link 到 Aadhaar 无纸化离线 e-kyc 教程 https://uidai.gov.in/ecosystem/authentication-devices-documents/about-aadhaar-paperless-offline-e-kyc.html

with open('/home/user/Downloads/uidai_auth_sign_prod_2023.cer', 'rb') as f:
     key = f.read()
import xml.etree.ElementTree as ET
tree=ET.parse("/home/user/Downloads/offlineaadhaar202205040207.xml")
root = tree.getroot()
print(root)
try:
    verified_data = XMLVerifier().verify(root, require_x509=False, x509_cert=key).signed_xml
    print("Data is : %s" % verified_data)
except Exception as exce:
    print(exce)

此代码出错:

Signature verification failed: invalid padding

如果有任何其他解决方案来验证 xml 签名。请告诉我们。

我发现 XMLVerifier 可用于验证签名 xml。 需要安装pip包

pip install signxml

这是我的工作片段

代码

from signxml import XMLVerifier
aadhar_file = '<path_to_signed_aadhaar_xml>'
cert = open('path_to_uidai_auth_sign_prod_2023.pem', "r+").read()
root = le.parse(aadhar_file).getroot()
try:
    verify = XMLVerifier().verify(root, x509_cert=cert)
except Exception as e:
    print(str(e))

如果签名无效,这将引发异常

InvalidDigest: Digest mismatch for reference 0

注意:请使用有效证书(基于https://uidai.gov.in/ecosystem/authentication-devices-documents/about-aadhaar-paperless-offline-e-kyc.html的推荐)来验证aadhaar xml